1. Field of the Invention
The present invention relates to a wireless terminal and an authentication device.
2. Description of the Related Art
Various wireless communication systems, typically, IMT-2000 and wireless LANs, are increasing in number. Also, the popularization of information terminals such as PCs (personal computers) and PDAs (Personal Digital Assistants) with a wireless communication function, has paved the way to an environment where various services can be received over a network at any time and any place. Real-time applications including telephone services and video distribution with the use of mobile terminals, such as mobile PCs, PDAs and IP cellular phones, are especially attracting attention in recent years.
On the other hand, there is a concern that the growing number of users of services provided via a network could bring an increase in crimes that exploit communication networks, such as impersonation and eavesdropping. Security measures for preventing those crimes are therefore gaining importance.
The security measures include user authentication and communication encryption technologies. User authentication is used to prevent impersonation of a user or a communication device and alteration of communications. Also, for service providers, user authentication is a necessary function in order to provide services only to authorized subscribers. Communication encryption is used to prevent eavesdropping on communications. Communication encryption is considered particularly necessary where wireless LANs or the like relay communications over radio waves that anyone within range can receive.
When a user logs on to a network such as a public wireless LAN, a mobile terminal first has to detect a wireless LAN access point where a service is provided and start wireless access. In most cases, the provider of the service performs authentication (user authentication) at this point in order to identify the user as a subscriber of the service. In some cases, the user performs authentication (server authentication) in order to identify the detected access point as authentic equipment installed by the service provider. After the authentication, the wireless access is established and the network can be used while eavesdropping of communications is prevented with the use of an encryption key (access key) shared between the wireless LAN access point or the like and the user's mobile terminal. The service is executed over the established network by an application such as VoIP.
In radio wave communications over a wireless LAN or the like, the limited propagation range of radio waves necessitates handover processing, in which wireless LAN access points or other communication bases that the user can log on to are detected again for reconnection when the user is on the move. Upon reconnection, the mobile terminal needs to perform authentication with the new wireless base station (access point). Accordingly, the mobile terminal cannot communicate over radio waves from the time the reconnection processing is started until the reauthentication is completed. In the case where the handover processing takes place while the user is communicating through VoIP, a prolonged communication interruption is felt by the user as audio disruption, and the quality of the service deteriorates.
The length of the communication interruption depends on how long user reauthentication takes. Methods employed for user reauthentication include one that uses the MAC address assigned to the communication interface of the mobile terminal, one that uses a mobile terminal ID, one that uses a user ID and password, and one that uses an electronic certification form.
The method using the MAC address and the method using the mobile terminal ID are capable of relatively quick authentication processing, and therefore do not cause audio disruption to be felt by a user during handover. The MAC address method, in particular, is employed at many wireless LAN access points and is relatively easy to introduce. However, a MAC address can be faked, so the MAC address method provides weak security with regard to identifying and authenticating a user. Another problem is that the MAC address method is incapable of server authentication for identifying a false wireless LAN access point.
The MIS protocol has been proposed as a method that uses a user ID and password; its authentication processing is quick enough that the user does not notice audio disruption. The MIS protocol makes server authentication, user authentication, and distribution of encryption keys over wireless communications possible with the use of a key shared in advance between a user and a server together with dynamically generated random numbers. However, being a non-standard protocol of its own, the MIS protocol requires dedicated wireless LAN access points, the introduction of which is costly and therefore could be difficult.
The method that uses an electronic certification form makes it possible to execute user authentication and server authentication at a high security level. This method is employed by, among others, IEEE 802.1x and IEEE 802.11i, which have lately been gaining popularity. Accordingly, the electronic certification method is employed at many wireless LAN access points and is one of the standard functions of mobile terminals. The method, however, has many authentication sequences that have to be executed between a mobile terminal and an authentication server, and requires a large amount of calculation for session keys and encryption keys as well. The problem arising from employing the electronic certification method is that, while the security level of user authentication and server authentication is high, the authentication processing is not quick. The method therefore causes audio disruption to be felt by a user during handover processing.
FIG. 10 shows an example of sequence processing for wireless LAN handover authentication in prior art. There are a mobile terminal (PC) 25, which is a wireless terminal, an authentication server 28, a wireless LAN access point (may be simply referred to as “access point” below) 26, and a wireless LAN access point 27. The access point 26 and the access point 27 are connected to the same authentication server 28, and the distance between the two is set such that their radio wave propagation ranges partially overlap. Hereinafter, wireless LAN handover processing in prior art will be described with reference to FIG. 10.
In the initial state, the wireless terminal 25 is kept turned off or is not logged on to the access point 26. The access point 26 and the access point 27 are connected to the authentication server 28 via a safe network that does not allow eavesdropping, data alteration, and the like. The access point 26 and the access point 27 notify the wireless terminal 25 of their existence by way of beacons or the like, so that the wireless terminal 25 can log on (connect) to the access point 26 or 27.
When the wireless terminal 25 is powered on by a user, or starts logging on to the network via one of the access points, the wireless terminal 25 catches a beacon from the nearer access point and determines an access point to which the wireless terminal 25 makes a wireless LAN connection. In this example, the wireless terminal 25 catches a beacon from the access point 26. The wireless terminal 25 then starts authentication in accordance with the access point 26 and an IEEE 802.1x access control function which is set in advance to the access point 26.
The wireless terminal 25 executes TLS negotiation (an authentication procedure by TLS with the use of an electronic certification form) (S46) with the authentication server 28, and shares an authentication session key (referred to as “session key (1)”) with the authentication server 28.
The authentication server 28 creates a connection key (referred to as “connection key (1)”) from the session key (1). The authentication server 28 sends the created connection key (1) to the access point 26, where the connection key (1) is used to create an encryption key for use in encrypted communications between the access point 26 and the wireless terminal 25 (the key is referred to as “encryption key (1)”). The access point 26 creates the encryption key (1) from the connection key (1), encrypts the created encryption key (1) with the connection key (1), and sends the encryption key (1) to the wireless terminal 25.
The wireless terminal 25 receives from the access point 26 the encryption key (1) that has been encrypted with the connection key (1). The wireless terminal 25 creates the connection key (1) from the session key (1) that has been kept in the wireless terminal 25, thereby decrypting the encryption key (1) that has been encrypted by and received from the access point 26 and obtaining the encryption key (1). Using the obtained encryption key (1), the wireless terminal 25 executes encrypted communications with a communication partner device 29.
In the case where a user carrying the wireless terminal 25 moves to such a location that lowers the intensity of a radio wave reaching the wireless terminal 25 from the access point 26 while the wireless terminal 25 is logged on to the access point 26, the wireless terminal 25 executes handover processing. The wireless terminal 25 catches a beacon from, for example, the access point 27 near the wireless terminal 25, and determines the access point 27 as a handover destination access point.
The wireless terminal 25 starts authentication in accordance with an IEEE 802.1x access control function which is set in advance to the access point 27. In this case, the TLS authentication processing (S47) is executed as when the wireless terminal 25 logs on to the access point 26. The wireless terminal 25 and the authentication server 28 then discard the session key (1) and the connection key (1), so that a new session key (referred to as “session key (2)”) is shared between the wireless terminal 25 and the authentication server 28.
The authentication server creates from the session key (2) a new connection key (referred to as “connection key (2)”), and sends the created connection key (2) to the access point 27, where the connection key (2) is used to create a new encryption key for use in encrypted communications between the access point 27 and the wireless terminal 25 (the key is referred to as “encryption key (2)”). The access point 27 creates the encryption key (2) from the connection key (2), encrypts the created encryption key (2) with the connection key (2), and sends the encryption key (2) to the wireless terminal 25.
The wireless terminal 25 receives from the access point 27 the encryption key (2) that has been encrypted with the connection key (2). The wireless terminal 25 creates the connection key (2) from the session key (2) that has been kept in the wireless terminal 25, thereby decrypting the encryption key (2) that has been encrypted by and received from the access point 27 and obtaining the encryption key (2). Using the obtained encryption key (2), the wireless terminal 25 executes encrypted communications with the communication partner device 29.
When the wireless terminal 25 switches its wireless connection destination (handover) from the access point 26 to the access point 27 in this way, the authentication takes approximately one second, which is long enough that the wireless terminal 25 cannot avoid an interruption in the sound received from the other wireless terminal 29 during the handover.
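The key hierarchy of the FIG. 10 sequence, as an added example that is not part of the original text: a session key from the TLS negotiation, a connection key derived from it by the authentication server and handed to the access point, and an encryption key derived by the access point and sent over the air wrapped under the connection key, with the whole sequence repeated on handover. The HMAC-SHA256 derivation and the XOR keystream wrapping are stand-ins, not the mechanisms of IEEE 802.1x/802.11i, the TLS negotiation itself is replaced by a randomly generated session key, and the `tls_runs` counter is an assumption added to record that every handover repeats the costly step.

```python
import hashlib
import hmac
import secrets


def derive_key(parent: bytes, label: bytes) -> bytes:
    """Child key from a parent key (HMAC-SHA256; stand-in for the real KDF)."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def wrap(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR keystream (unauthenticated, 32 bytes max); XOR is its own
    inverse, so the same call unwraps. Stand-in for the real cipher."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(p ^ s for p, s in zip(data, stream))


def attach(terminal: dict, server: dict, access_point: dict) -> bytes:
    """Run the FIG. 10 sequence (S46/S47) against one access point and return
    the encryption key the terminal ends up with. Each call is one TLS run."""
    # 1. TLS negotiation: both sides share a fresh session key; the previous
    #    session key, if any, is discarded (constructed random sample value).
    session_key = secrets.token_bytes(32)
    terminal["session_key"] = server["session_key"] = session_key
    server["tls_runs"] = server.get("tls_runs", 0) + 1
    # 2. Server derives the connection key and hands it to the access point
    #    over the protected wired network (modelled as a direct assignment).
    access_point["connection_key"] = derive_key(server["session_key"], b"connection")
    # 3. Access point derives the encryption key and sends it over the air
    #    wrapped under the connection key; only the wrapped form crosses the air.
    access_point["encryption_key"] = derive_key(access_point["connection_key"], b"encryption")
    nonce = secrets.token_bytes(16)
    over_the_air = (nonce, wrap(access_point["connection_key"], nonce, access_point["encryption_key"]))
    # 4. Terminal re-derives the connection key from its own copy of the
    #    session key and unwraps the received encryption key.
    connection_key = derive_key(terminal["session_key"], b"connection")
    terminal["encryption_key"] = wrap(connection_key, over_the_air[0], over_the_air[1])
    return terminal["encryption_key"]


def handover(terminal: dict, server: dict, ap_from: dict, ap_to: dict) -> dict:
    """Initial log-on to ap_from followed by handover to ap_to. Returns both
    keys and the TLS run count: the keys change and a second TLS run occurs."""
    old_key = attach(terminal, server, ap_from)
    new_key = attach(terminal, server, ap_to)
    return {"old": old_key, "new": new_key, "tls_runs": server["tls_runs"]}


if __name__ == "__main__":
    result = handover({}, {}, {}, {})
    print("keys differ:", result["old"] != result["new"], "TLS runs:", result["tls_runs"])
```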
The following is a list of prior art documents related to the present invention:
[Patent document 1] JP 2004-207965 A
[Patent document 2] JP 2004-254277 A
[Patent document 3] JP 2003-60653 A